Welcome to Geeklog, Anonymous Thursday, March 28 2024 @ 03:29 pm EDT

Geeklog Forums

Logged in users asked to log-in repeatedly?


Status: offline

Kent-Weather

Forum User
Junior
Registered: 03/26/09
Posts: 24
Location:Kent, United Kingdom
Hello all,

Is there a specific setting i can set for logged-in users to remain logged in? i had permanent & session timeout set to 0 which worked fine if logged in as admin/root, but even setting the default 28800 and 7200 respectivly and refreshing the page (or going to any link within the website itself such as forum[logged out] then to post a new thread) you still get logged out?

Edit : forgot to ask... Is there any reason why i had a normal user able to access my admin panel by pasting the admin panel link? 1.5.2sr4 is the current version im using. I've passworded the directory to prevent further risks but am very shocked at the exploit Cry

Rolling Eyes Thank you in advance Oops!
 Quote

Status: offline

1000ideen

Forum User
Full Member
Registered: 08/04/03
Posts: 1298
Normally users stay logged-in and cannot go to the admin area if they are not admins of any kind.
 Quote

Status: offline

Kent-Weather

Forum User
Junior
Registered: 03/26/09
Posts: 24
Location:Kent, United Kingdom
I know, thats why im asking how is it possible
 Quote

Status: offline

Dirk

Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Location:Stuttgart, Germany
Quote by: Kent-Weather

Is there any reason why i had a normal user able to access my admin panel by pasting the admin panel link?


What exactly did the user have access to? It's normal that when a user gets any type of admin access, e.g. for a plugin, that they have access to admin/moderation.php. But they would only see the icons for the areas there that they have access to (plus the icons for Documentation and Logout).

So which additional rights did that user have?

bye, Dirk
 Quote

Status: offline

Kent-Weather

Forum User
Junior
Registered: 03/26/09
Posts: 24
Location:Kent, United Kingdom
yes resolved by same query Dirk but thank you lol.

any ideas on the cookies still? or ideal settings to remain signed in on user accounts and not admin?
 Quote

Chris

Anonymous
We had an issue where signed in users would get dropped quickly and asked to sign back in. The fix for that particular issue is: http://www.geeklog.net/forum/viewtopic.php?showtopic=83631 . Not sure if that's your problem though.
 Quote

Status: offline

Kent-Weather

Forum User
Junior
Registered: 03/26/09
Posts: 24
Location:Kent, United Kingdom
Hello Chris and thank you for the reply.

Using the code listed in the linked page gives an SQL error
 Quote

Status: offline

Kent-Weather

Forum User
Junior
Registered: 03/26/09
Posts: 24
Location:Kent, United Kingdom
bumping this as i have not recieved a fix and am still experiencing the same problem where users are being logged out after what seems like 10-15seconds. I've upgraded to 1.6.0rc1 to see if this would help, and it has not....

Im able to replicate the error by clicking onto different links across my site. It seems to be a site setting im missing. please advise Frown

 Quote

Status: offline

1000ideen

Forum User
Full Member
Registered: 08/04/03
Posts: 1298
Did you check your browser settings? How do you log in with www or without? What is the $_CONF['site_url'] ?
 Quote

Status: offline

Kent-Weather

Forum User
Junior
Registered: 03/26/09
Posts: 24
Location:Kent, United Kingdom
Which file contains the $_CONF['site_url'] please 1000ideen ?
 Quote

Status: offline

1000ideen

Forum User
Full Member
Registered: 08/04/03
Posts: 1298
Either your old config.php or check the site URL in the configuration now with GL 1.6
 Quote

Status: offline

Kent-Weather

Forum User
Junior
Registered: 03/26/09
Posts: 24
Location:Kent, United Kingdom
Deen, in the configuration file via command and control.

http://www.kent-weather.co.uk

siteconfig.php doesnt contain $_CONF['site_url'] and i dont see any other config file relating to the site itself.
What next? Oops!

Thank you also for taking the time to help me on this, i greatfully appreciate it
 Quote

Status: offline

1000ideen

Forum User
Full Member
Registered: 08/04/03
Posts: 1298
I have no problems on your site with Firefox. So again what`s your browser and check your browser settings concerning cookies.

That`s the most likely thing. :kickcan:
 Quote

Status: offline

Dirk

Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Location:Stuttgart, Germany
Going back to the original post:

Quote by: Kent-Weather

Is there a specific setting i can set for logged-in users to remain logged in? i had permanent & session timeout set to 0 which worked fine if logged in as admin/root, but even setting the default 28800 and 7200 respectivly and refreshing the page (or going to any link within the website itself such as forum[logged out] then to post a new thread) you still get logged out?



This doesn't sound right.

There are two timeouts (but three settings) involved here:

The permanent timeout is the one that defines how long the permanent cookie is valid. You can set it to 0 (in the configuration) or "(don't)" (under My Account), so that no permanent cookie is set. The option in the configuration is only the default for new users, the option in My Account overrides it (i.e. that setting is per user).

The other timeout is for how long a session is valid in the database. It's valid for all users. And setting it to 0 is a bad idea.

When the db session times out, Geeklog checks for the permanent cookie, which would log you right back in - if it exists. If you set both timeouts to 0, you will indeed be asked to log in again after every action.

HTH

bye, Dirk

 Quote

All times are EDT. The time is now 03:29 pm.

  • Normal Topic
  • Sticky Topic
  • Locked Topic
  • New Post
  • Sticky Topic W/ New Post
  • Locked Topic W/ New Post
  •  View Anonymous Posts
  •  Able to post
  •  Filtered HTML Allowed
  •  Censored Content